1. 1. IAPS 1012 176 INTERNATIONAL AUDITING PRACTICE STATEMENT 1012 AUDITING DERIVATIVE FINANCIAL INSTRUMENTS (This Statement is effective) CONTENTS Paragraph Introduction .................................................................................................... 1 Derivative Instruments and Activities ............................................................ 27 Responsibility of Management and Those Charged with Governance .......... 810 The Auditors Responsibility ......................................................................... 1115 Knowledge of the Business ............................................................................ 1620 Key Financial Risks ....................................................................................... 21 Assertions to Address .................................................................................... 22 Risk Assessment and Internal Control ........................................................... 2365 Substantive Procedures .................................................................................. 6676 Substantive Procedures Related to Assertions ............................................... 7789 Additional Considerations About Hedging Activities ................................... 9091 Management Representations ........................................................................ 9293 Communications with Management and Those Charged with Governance ............................................................................................. 94 Glossary of Terms International Auditing Practice Statement (IAPS) 1012, Auditing Derivative Financial Instruments should be read in the context of the Preface to the International Standards on Quality Control, Auditing, Review, Other Assurance and Related Services, which sets out the application and authority of IAPSs. The International Auditing Practices Committee approved this International Auditing Practice Statement for publication in March 2001.
2. 2. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012177 AUDITING Introduction 1. The purpose of this International Auditing Practice Statement (IAPS) is to provide guidance to the auditor in planning and performing auditing procedures for financial statement assertions related to derivative financial instruments. This IAPS focuses on auditing derivatives held by end users, including banks and other financial sector entities when they are the end users. An end user is an entity that enters into a financial transaction, through either an organized exchange or a broker, for the purpose of hedging, asset/liability management or speculating. End users consist primarily of corporations, government entities, institutional investors and financial institutions. An end users derivative activities often are related to the entitys production or use of a commodity. The accounting systems and internal control issues associated with issuing or trading derivatives may be different from those associated with using derivatives. IAPS 1006, Audits of the Financial Statements of Banks provides guidance on the audits of banks and other financial-sector entities, and includes guidance on auditing international commercial banks issuing or trading derivatives. Derivative Instruments and Activities 2. Derivative financial instruments are becoming more complex, their use is becoming more commonplace and the accounting requirements to provide fair value and other information about them in financial statement presentations and disclosures are expanding. Values of derivatives may be volatile. Large and sudden decreases in their value may increase the risk that a loss to an entity using derivatives may exceed the amount, if any, recorded on the balance sheet. Furthermore, because of the complexity of derivative activities, management may not fully understand the risks of using derivatives. 3. For many entities, the use of derivatives has reduced exposures to changes in exchange rates, interest rates and commodity prices, as well as other risks. On the other hand, the inherent characteristics of derivative activities and derivative financial instruments also may result in increased business risk in some entities, in turn increasing audit risk and presenting new challenges to the auditor. 4. Derivatives is a generic term used to categorize a wide variety of financial instruments whose value depends on or is derived from an underlying rate or price, such as interest rates, exchange rates, equity prices, or commodity prices. Derivative contracts can be linear or non-linear. They are contracts that either involve obligatory cash flows at a future date (linear) or have option features where one party has the right but not the obligation to demand that another party deliver the underlying item to it (non-linear). Some national financial reporting frameworks, and the International Accounting Standards contain definitions of derivatives. For example, International Accounting
3. 3. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 178 Standard (IAS) 39, Financial Instruments: Recognition and Measurement defines a derivative as a financial instrument: Whose value changes in response to the change in a specified interest rate, security price, commodity price, foreign exchange rate, index of prices or rates, a credit rating or credit index, or similar variable (sometimes called the underlying); That requires no initial net investment or little initial net investment relative to other types of contracts that have a similar response to changes in market conditions; and That is settled at a future date. In addition, different national financial reporting frameworks and the International Accounting Standards provide for different accounting treatments of derivative financial instruments. 5. The most common linear contracts are forward contracts (for example, foreign exchange contracts and forward rate agreements), futures contracts (for example, a futures contract to purchase a commodity such as oil or power) and swaps. The most common non-linear contracts are options, caps, floors and swaptions. Derivatives that are more complex may have a combination of the characteristics of each category. 6. Derivative activities range from those whose primary objective is to: Manage current or anticipated risks relating to operations and financial position; or Take open or speculative positions to benefit from anticipated market movements. Some entities may be involved in derivatives not only from a corporate treasury perspective but also, or alternatively, in association with the production or use of a commodity. 7. While all financial instruments have certain risks, derivatives often possess particular features that leverage the risks, such as: Little or no cash outflows/inflows are required until maturity of the transactions; No principal balance or other fixed amount is paid or received; Potential risks and rewards can be substantially greater than the current outlays; and The value of an entitys asset or liability may exceed the amount, if any, of the derivative that is recognized in the financial statements, especially in entities whose financial reporting frameworks do not require derivatives to be recorded at fair market value in the financial statements.
4. 4. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012179 AUDITING Responsibilities of Management and Those Charged with Governance 8. ISA 200, Objective and General Principles Governing an Audit of Financial Statements states that the entitys management is responsible for preparing and presenting financial statements. As part of the process of preparing those financial statements, management makes specific assertions related to derivatives. Those assertions include (where the financial reporting framework requires) that all derivatives recorded in the financial statements exist, that there are no unrecorded derivatives at the balance sheet date, that the derivatives recorded in the financial statements are properly valued, and presented, and that all relevant disclosures are made in the financial statements. 9. Those charged with governance of an entity, through oversight of management, are responsible for: The design and implementation of a system of internal control to: Monitor risk and financial control; Provide reasonable assurance that the entitys use of derivatives is within its risk management policies; and Ensure that the entity is in compliance with applicable laws and regulations; and The integrity of the entitys accounting and financial reporting systems to ensure the reliability of managements financial reporting of derivative activities. 10. The audit of the financial statements does not relieve management or those charged with governance of their responsibilities. The Auditors Responsibility 11. ISA 200 states that the objective of the audit is to enable the auditor to express an opinion on whether the financial statements are prepared in all material respects, in accordance with the applicable financial reporting framework. The auditors responsibility related to derivative financial instruments, in the context of the audit of the financial statements taken as a whole, is to consider whether managements assertions related to derivatives result in financial statements prepared in all material respects in accordance with the applicable financial reporting framework. 12. The auditor establishes an understanding with the entity that the purpose of the audit work is to be able to express an opinion on the financial statements. The purpose of an audit of financial statements is not to provide assurance on the adequacy of the entitys risk management related to derivative activities, or the controls over those activities. To avoid any
5. 5. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 180 misunderstanding the auditor may discuss with management the nature and extent of the audit work related to derivative activities. ISA 210, Terms of Audit Engagements provides guidance on agreeing upon the terms of the engagement with an entity. The Need for Special Skill and Knowledge 13. ISA 200 requires that the auditor comply with the Code of Ethics for Professional Accountants (the Code) issued by the International Federation of Accountants. Among other things, the Code requires that the professional accountant perform professional services with competence and diligence. The Code further requires that the auditor maintain sufficient professional knowledge and skill to fulfill responsibilities with due care. 14. To comply with the requirements of ISA 200, the auditor may need special skills or knowledge to plan and perform auditing procedures for certain assertions about derivatives. Special skills and knowledge include obtaining an understanding of: The operating characteristics and risk profile of the industry in which an entity operates; The derivative financial instruments used by the entity, and their characteristics; The entitys information system for derivatives, including services provided by a service organization. This may require the auditor to have special skills or knowledge about computer applications when significant information about those derivatives is transmitted, processed, maintained or accessed electronically; The methods of valuation of the derivative, for example, whether fair value is determined by quoted market price, or a pricing model; and The requirements of the financial reporting framework for financial statement assertions related to derivatives. Derivatives may have complex features that require the auditor to have special knowledge to evaluate their measurement, recognition and disclosure in conformity with the financial reporting framework. For example, features embedded in contracts or agreements may require separate accounting, and complex pricing structures may increase the complexity of the assumptions used in measuring the instrument at fair value. In addition, the requirements of the financial reporting framework may vary depending on the type of derivative, the nature of the transaction, and the type of entity. 15. Members of the engagement team may have the necessary skill and knowledge to plan and perform auditing procedures related to derivatives transactions. Alternatively, the auditor may decide to seek the assistance of
6. 6. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012181 AUDITING an expert outside the firm, with the necessary skills or knowledge to plan and perform the auditing procedures, especially when the derivatives are very complex, or when simple derivatives are used in complex situations, the entity is engaged in active trading of derivatives, or the valuation of the derivatives are based on complex pricing models. ISA 220, Quality Control for Audits of Historical Financial Information1 provides guidance on the supervision of individuals who serve as members of the engagement team and assist the auditor in planning and performing auditing procedures. ISA 620, Using the Work of an Expert provides guidance on the use of an experts work as audit evidence. Knowledge of the Business 16. ISA 310, Knowledge of the Business2 requires the auditor, in performing an audit of financial statements, to have or obtain a knowledge of the business sufficient to enable the auditor to identify and understand the events, transactions and practices that, in the auditors judgment, may have a significant effect on the financial statements, the examination or the audit report. For example, the auditor uses such knowledge to assess inherent and control risks and to determine the nature, timing and extent of audit procedures. 17. Because derivative activities generally support the entitys business activities, factors affecting its day-to-day operations also will have implications for its derivative activities. For example, because of the economic conditions that affect the price of an entitys primary raw materials, an entity may enter into a futures contract to hedge the cost of its inventory. Similarly, derivative activities can have a major effect on the entitys operations and viability. General Economic Factors 18. General economic factors are likely to have an influence on the nature and extent of an entitys derivative activities. For example, when interest rates appear likely to rise, an entity may try to fix the effective level of interest rates on its floating rate borrowings through the use of interest rate swaps, forward rate agreements and caps. General economic factors that may be relevant include: The general level of economic activity; Interest rates, including the term structure of interest rates, and availability of financing; Inflation and currency revaluation; 1 ISA 220, Quality Control for Audit Work was withdrawn in June 2005 when ISA 220, Quality Control for Audits of Historical Financial Information became effective. 2 ISA 310, Knowledge of the Business was withdrawn in December 2004 when ISA 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement became effective.
7. 7. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 182 Foreign currency rates and controls; and The characteristics of the markets that are relevant to the derivatives used by the entity, including the liquidity or volatility of those markets. The Industry 19. Economic conditions in the entitys industry also are likely to influence the entitys derivative activities. If the industry is seasonal or cyclical, it may be inherently more difficult to accurately forecast interest rate, foreign exchange or liquidity exposures. A high growth rate or sharp rate of decline in an entitys business also may make it difficult to predict activity levels in general and, thus, its level of derivative activity. Economic conditions in a particular industry that may be relevant include: The price risk in the industry; The market and competition; Cyclical or seasonal activity; Declining or expanding operations; Adverse conditions (for example, declining demand, excess capacity, serious price competition); and Foreign currency transactions, translation or economic exposure. The Entity 20. To obtain a sufficient understanding of an entitys derivative activities, to be able to identify and understand the events, transactions and practices that, in the auditors judgment, may have a significant effect on the financial statements or on the examination or auditors report, the auditor considers: Knowledge and experience of management and those charged with governance. Derivative activities can be complicated and often, only a few individuals within an entity fully understand these activities. In entities that engage in few derivative activities, management may lack experience with even relatively simple derivative transactions. Furthermore, the complexity of various contracts or agreements makes it possible for an entity to inadvertently enter into a derivative transaction. Significant use of derivatives, particularly complex derivatives, without relevant expertise within the entity increases inherent risk. This may prompt the auditor to question whether there is adequate management control, and may affect the auditors risk assessment and the nature, extent and timing of audit testing considered necessary; Availability of timely and reliable management information. The control risk associated with derivative activities may increase with greater decentralization of those activities. This especially may be true where an
8. 8. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012183 AUDITING entity is based in different locations, some perhaps in other countries. Derivative activities may be run on either a centralized or a decentralized basis. Derivative activities and related decision making depend heavily on the flow of accurate, reliable, and timely management information. The difficulty of collecting and aggregating such information increases with the number of locations and businesses in which an entity is involved; and Objectives for the use of derivatives. Derivative activities range from those whose primary objective is to reduce or eliminate risk (hedging) to those whose primary objective is to maximize profits (speculating). All other things being equal, risk increases as maximizing profits becomes the focus of derivative activity. The auditor gains an understanding of the strategy behind the entitys use of derivatives and identifies where the entitys derivative activities lie on the hedging-speculating continuum. Key Financial Risks 21. The auditor obtains an understanding of the principal types of financial risk, related to derivative activities, to which entities may be exposed. Those key financial risks are: (a) Market risk, which relates broadly to economic losses due to adverse changes in the fair value of the derivative. Related risks include: Price risk, which relates to changes in the level of prices due to changes in interest rates, foreign exchange rates, or other factors related to market volatilities of the underlying rate, index, or price. Price risk includes interest rate risk and foreign exchange risk; Liquidity risk, which relates to changes in the ability to sell or dispose of the derivative instrument. Derivative activities bear the additional risk that a lack of available contracts or counterparties may make it difficult to close out the derivative transaction or enter into an offsetting contract. For example, liquidity risk may increase if an entity encounters difficulties obtaining the required security or commodity or other deliverable should the derivative call for physical delivery, Economic losses also may occur if the entity makes inappropriate trades based on information obtained using poor valuation models, and Derivatives used in hedging transactions bear additional risk, known as basis risk. Basis is the difference between the price of the hedged item and the price of the related hedging instrument.
9. 9. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 184 Basis risk is the risk that the basis will change while the hedging contract is open, and thus, the price correlation between the hedged item and the hedging instrument will not be perfect. For example, basis risk may be affected by a lack of liquidity in either the hedged item, or the hedging instrument; (b) Credit risk, which relates to the risk that a customer or counterparty will not settle an obligation for full value, either when due or at any time thereafter. For certain derivatives, market values are volatile, so the credit risk exposure also is volatile. Generally, a derivative has credit exposure only when the derivative has positive market value. That value represents an obligation of the counterparty and, therefore, an economic benefit that can be lost if the counterparty fails to fulfill its obligation. Furthermore, the market value of a derivative may fluctuate quickly, alternating between positive and negative values. The potential for rapid changes in prices, coupled with the structure of certain derivatives, also can affect credit risk exposure. For example, highly leveraged derivatives or derivatives with extended time periods can result in credit risk exposure increasing quickly after a derivative transaction has been undertaken. Many derivatives are traded under uniform rules through an organized exchange (exchange-traded derivatives). Exchange traded derivatives generally remove individual counterparty risk and substitute the clearing organization as the settling counterparty. Typically, the participants in an exchange-traded derivative settle changes in the value of their positions daily, which further mitigates credit risk. Other methods for minimizing credit risk include requiring the counterparty to offer collateral, or assigning a credit limit to each counterparty based on its credit rating; (c) Settlement risk is the related risk that one side of a transaction will be settled without value being received from the customer or counterparty. One method for minimizing settlement risk is to enter into a master netting agreement, which allows the parties to set off all their related payable and receivable positions at settlement; (d) Solvency risk, which relates to the risk that the entity would not have the funds available to honor cash outflow commitments as they fall due. For example, an adverse price movement on a futures contract may result in a margin call that the entity may not have the liquidity to meet; and (e) Legal risk, which relates to losses resulting from a legal or regulatory action that invalidates or otherwise precludes performance by the end user or its counterparty under the terms of the contract or related netting arrangements. For example, legal risk could arise from insufficient documentation for the contract, an inability to enforce a netting arrangement in bankruptcy, adverse changes in tax laws, or statutes that prohibit entities from investing in certain types of derivatives.
10. 10. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012185 AUDITING Although other classifications of risk exist, they are normally combinations of these principal risks. There is also a further risk for commodities in that their quality may not meet expectations. Assertions to Address 22. Financial statement assertions are assertions by management, explicit or otherwise, embodied in the financial statements prepared in accordance with the applicable financial reporting framework. They can be categorized as follows: Existence: An asset or liability exists at a given date. For example, the derivatives reported in the financial statements through measurement or disclosure exist at the date of the balance sheet; Rights and obligations: An asset or a liability pertains to the entity at a given date. For example, an entity has the rights and obligations associated with the derivatives reported in the financial statements; Occurrence: A transaction or event took place that pertains to the entity during the period. For example, the transaction that gave rise to the derivative occurred within the financial reporting period; Completeness: There are no unrecorded assets, liabilities, transactions or events, or undisclosed items. For example, all of the entitys derivatives are reported in the financial statements through measurement or disclosure; Valuation: An asset or liability is recorded at an appropriate carrying value. For example, the values of the derivatives reported in the financial statements through measurement or disclosure were determined in accordance with the financial reporting framework; Measurement: A transaction or event is recorded at the proper amount and revenue or expense is allocated to the proper period. For example, the amounts associated with the derivatives reported in the financial statements through measurement or disclosure were determined in accordance with the financial reporting framework, and the revenues or expenses associated with the derivatives reported in the financial statements were allocated to the correct financial reporting periods; and Presentation and disclosure: An item is disclosed, classified and described in accordance with the applicable financial reporting framework. For example, the classification, description and disclosure of derivatives in the financial statements are in accordance with the financial reporting framework.
11. 11. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 186 Risk Assessment and Internal Control 23. Audit risk is the risk that the auditor gives an inappropriate audit opinion when the financial statements are materially misstated. Audit risk has three components: inherent risk, control risk and detection risk. The auditor considers knowledge obtained about the business and about the key financial risks in assessing the components of audit risk. 24. ISA 400, Risk Assessments and Internal Control3 provides guidance on the auditors consideration of audit risk and internal control when planning and performing an audit of financial statements in accordance with ISAs. The ISA requires that the auditor use professional judgment to assess audit risk and to design audit procedures to ensure that risk is reduced to an acceptably low level. It also requires the auditor to obtain an understanding of the accounting and internal control systems sufficient to plan the audit and develop an effective audit approach. Inherent Risk 25. Inherent risk is the susceptibility of an account balance or class of transactions to misstatement that could be material, individually or when aggregated with misstatements in other balances or classes, assuming that there were no related internal control. 26. ISA 4004 requires that, in developing the overall audit plan, the auditor assess the inherent risk at the financial statement level. ISA 400 requires the auditor to relate that assessment to material account balances and classes of transactions at the assertion level, or assume that inherent risk is high for the assertion. 27. ISA 400 provides guidance to the auditor in using professional judgment to evaluate numerous factors that may affect the assessment of inherent risk. Examples of factors that might affect the auditors assessment of the inherent risk for assertions about derivatives include: Economics and business purpose of the entitys derivative activities. The auditor understands the nature of the entitys business and the economics and business purpose of its derivative activities, all of which may influence the entitys decision to buy, sell or hold derivatives. Derivative activities range from positions where the primary aim is to reduce or eliminate risk (hedging), to positions where the primary aim is to maximize profits (speculating). The inherent risks associated with risk management differ significantly from those associated with speculative investing. 3 ISA 400, Risk Assessments and Internal Control was withdrawn in December 2004 when ISA 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, and ISA 330, The Auditors Procedures in Response to Assessed Risks became effective. 4 See footnote 3.
12. 12. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012187 AUDITING The complexity of a derivatives features. Generally, the more complex a derivative, the more difficult it is to determine its fair value. The fair values of certain derivatives, such as exchange-traded options, are available from independent pricing sources such as financial publications and broker-dealers not affiliated with the entity. Determining fair value can be particularly difficult, however, if a transaction has been customized to meet individual user needs. When derivatives are not traded regularly, or are traded only in markets without published or quoted market prices, management may use a valuation model to determine fair value. Valuation risk is the risk that the fair value of the derivative is determined incorrectly. Model risk, which is a component of valuation risk, exists whenever models (as opposed to quoted market prices) are used to determine the fair value of a derivative. Model risk is the risk associated with the imperfections and subjectivity of these models and their related assumptions. Both valuation risk and model risk contribute to the inherent risk for the valuation assertion about those derivatives. Whether the transaction giving rise to the derivative involved the exchange of cash. Many derivatives do not involve an exchange of cash at the inception of the transaction, or may involve contracts that have irregular or end of term cash flows. There is an increased risk that such contracts will not be identified, or will be only partially identified and recorded in the financial statements, increasing the inherent risk for the completeness assertion about those derivatives. An entitys experience with the derivative. Significant use of complex derivatives without relevant expertise within the entity increases inherent risk. Relevant expertise should reside with the personnel involved with the entitys derivative activities, including those charged with governance, those committing the entity to the derivative transactions (hereinafter referred to as dealers), those involved with risk control and the accounting and operations personnel responsible for recording and settling the transactions. In addition, management may be more likely to overlook infrequent transactions for relevant accounting and disclosure issues. Whether the derivative is an embedded feature of an agreement. Management may be less likely to identify embedded derivatives, which increases the inherent risk for the completeness assertion about those derivatives. Whether external factors affect the assertion. For example, the increase in credit risk associated with entities operating in declining industries increases the inherent risk for the valuation assertion about those derivatives. In addition, significant changes in, or volatility of, interest
13. 13. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 188 rates increase the inherent risk for the valuation of derivatives whose value is significantly affected by interest rates. Whether the derivative is traded on national exchanges or across borders. Derivatives traded in cross-border exchanges may be subject to increased inherent risk because of differing laws and regulations, exchange rate risk, or differing economic conditions. These conditions may contribute to the inherent risk for the rights and obligations assertion or the valuation assertion. 28. Many derivatives have the associated risk that a loss might exceed the amount, if any, of the value of the derivative recognized on the balance sheet (off-balance-sheet risk). For example, a sudden fall in the market price of a commodity may force an entity to realize losses to close a forward position in that commodity. In some cases, the potential losses may be enough to cast significant doubt on the entitys ability to continue as a going concern. ISA 570, Going Concern establishes standards and provides guidance on the auditors responsibility in the audit of financial statements with respect to the going concern assumption used in the preparation of the financial statements. The entity may perform sensitivity analyses or value- at-risk analyses to assess the hypothetical effects on derivative instruments subject to market risks. The auditor may consider these analyses in evaluating managements assessment of the entitys ability to continue as a going concern. Accounting Considerations 29. An entitys accounting method affects specific audit procedures and is, therefore, significant. The accounting for derivatives may depend whether the derivative has been classified as a hedging instrument, and if the hedging relationship is a highly effective one. For example, IAS 39 requires the entity to recognize the changes in fair value of a derivative instrument as net profit or loss in the current period. If a derivative is part of a hedging relationship that meets certain criteria, the hedging relationship qualifies for special hedge accounting, which recognizes the offsetting effects of the hedged item on net profit or loss. Because the derivatives and hedged item are economically connected, it is appropriate to recognize derivative gains or losses in the same accounting period that the gains or losses on the hedged item are recognized. For some transactions, changes in fair value will appear as a component of current net profit or loss. For other transactions, changes in fair value will appear currently in changes in equity, and ultimately, when the final transactions occurs, in net profit or loss. 30. Derivatives used as hedges are subject to the risk that market conditions will change so that the hedge is no longer effective and, thus, no longer meets the conditions of a hedging relationship. For example, IAS 39 requires that periodic gains and losses on a futures contract used to hedge the future purchase of
14. 14. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012189 AUDITING inventory be recognized as changes in stockholders equity, with the cumulative gains or losses appearing in net profit or loss in the same period(s) that the hedged forecasted transaction affects net profit or loss. Any discrepancies between changes in the spot price of the futures contract and the corollary changes in the cost of the related inventory purchase would reduce the effectiveness of the hedge. Discrepancies may be caused by differing delivery sites for an inventory purchase and futures contract used to hedge the inventory purchase. For example, the cost of physical delivery may vary depending on site. Other discrepancies may be caused by differing time parameters between the execution of the hedged item and the hedging instrument, or differing quality or quantity measures involving the hedged item and those specified in the hedging instrument. IAS 39 requires the ineffective portion of a change in the value of a hedging instrument to be reported immediately in net profit or loss. If the hedge is assessed and determined not to be highly effective, the hedging relationship would no longer meet the criteria for hedge accounting. Continued hedge accounting would exclude gains and losses improperly from net profit or loss for the period. The complexities of the accounting for derivatives increase the inherent risk for the presentation and disclosure assertion about those derivatives. Accounting System Considerations 31. ISA 4005 requires that the auditor obtain an understanding of the accounting system. To achieve this understanding, the auditor obtains knowledge of the design of the accounting system, changes to that system and its operation. The extent of an entitys use of derivatives and the relative complexity of the instruments are important determinants of the necessary level of sophistication of both the entitys information systems (including the accounting system) and control procedures. 32. Certain instruments may require a large number of accounting entries. Although the accounting system used to post derivative transactions likely will need some manual intervention, ideally, the accounting system is able to post such entries accurately with minimal manual intervention. As the sophistication of the derivative activities increases, so should the sophistication of the accounting system. Because this is not always the case, the auditor remains alert to the possible need to modify the audit approach if the quality of the accounting system, or aspects of it, appears weak. Control Environment 33. The control environment influences the tone of an entity and the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. The control environment has 5 See footnote 3.
15. 15. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 190 a pervasive influence on the way business activities are structured, objectives established and risks assessed. 34. ISA 4006 requires the auditor to obtain an understanding of the control environment sufficient to assess the attitudes of management and those charged with governance, their awareness and actions regarding internal control and its importance in the entity. 35. The auditor considers managements overall attitude toward, and awareness of, derivative activities as a part of obtaining an understanding of the control environment, including any changes to it. It is the role of those charged with governance to determine an appropriate attitude towards the risks. It is managements role to monitor and manage the entitys exposures to those risks. The auditor obtains an understanding of how the control environment for derivatives responds to managements assessment of risk. To effectively monitor and manage its exposure to risk, an entity implements a structure that: Is appropriate and consistent with the entitys attitude toward risk as determined by those charged with governance; Specifies the approval levels for the authorization of different types of instruments and transactions that may be entered into and for what purposes. The permitted instruments and approval levels should reflect the expertise of those involved in derivative activities; Sets appropriate limits for the maximum allowable exposure to each type of risk (including approved counterparties). Levels of allowable exposure may vary depending on the type of risk, or counterparty; Provides for the independent and timely monitoring of the financial risks and control procedures; and Provides for the independent and timely reporting of exposures, risks and the results of derivative activities in managing risk. 36. Management should establish suitable guidelines to ensure that derivative activities fulfill the entitys needs. In setting suitable guidelines, management should include clear rules on the extent to which those responsible for derivative activities are permitted to participate in the derivative markets. Once this has been done, management can implement suitable systems to manage and control those risks. Three elements of the control environment deserve special mention for their potential effect on controls over derivative activities: Direction from management or those charged with governance. Management is responsible for providing direction, through clearly stated policies, for the purchase, sale and holding of derivatives. These policies should begin with management clearly stating its objectives with 6 See footnote 3.
16. 16. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012191 AUDITING regard to its risk management activities and an analysis of the investment and hedging alternatives available to meet those objectives. Policies and procedures should then be developed that consider the: Level of the entitys management expertise; Sophistication of the entitys internal control and monitoring systems; Entitys asset/liability structure; Entitys capacity to maintain liquidity and absorb losses of capital; Types of derivative financial instruments that management believes will meet its objectives; and Uses of derivative financial instruments that management believes will meet its objectives, for example, whether derivatives may be used for speculative purposes or hedging purposes. An entitys policies for the purchase, sale and holding of derivatives should be appropriate and consistent with its attitude toward risk and the expertise of those involved in derivative activities. Segregation of duties and the assignment of personnel. Derivative activities may be categorized into three functions: Committing the entity to the transaction (dealing); Initiating cash payments and accepting cash receipts (settlements); and Recording of all transactions correctly in the accounting records, including the valuation of derivatives. Segregation of duties should exist among these three functions. Where an entity is too small to achieve proper segregation of duties, management should take a more active role to monitor derivative activities. Some entities have established a fourth function, risk control, which is responsible for reporting on and monitoring derivative activities. Examples of key responsibilities in this area may include: Setting and monitoring risk management policy; Designing risk limit structures; Developing disaster scenarios and subjecting open position portfolios to sensitivity analysis, including reviews of unusual movements in positions; and Reviewing and analyzing new derivative instrument products.
17. 17. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 192 In entities that have not established a separate risk control function, reporting on and monitoring derivative activities may be a component of the accounting functions responsibility or managements overall responsibility. Whether or not the general control environment has been extended to those responsible for derivative activities. An entity may have a control culture that is generally focused on maintaining a high level of internal control. Because of the complexity of some treasury or derivative activities, this culture may not pervade the group responsible for derivative activities. Alternatively, because of the risks associated with derivative activities, management may enforce a more strict control environment than it does elsewhere within the entity. 37. Some entities may operate an incentive compensation system for those involved in derivative transactions. In such situations, the auditor considers the extent to which proper guidelines, limits and controls have been established to ascertain if the operation of that system could result in transactions that are inconsistent with the overall objectives of the entitys risk management strategy. 38. When an entity uses electronic commerce for derivative transactions, it should address the security and control considerations relevant to the use of an electronic network. Control Objectives and Procedures 39. Internal controls over derivative transactions should prevent or detect problems that hinder an entity from achieving its objectives. These objectives may be either operational, financial reporting, or compliance in nature, and internal control is necessary to prevent or detect problems in each area. 40. ISA 4007 requires the auditor to obtain an understanding of the control procedures sufficient to plan the audit. Effective control procedures over derivatives generally will include adequate segregation of duties, risk management monitoring, management oversight, and other policies and procedures designed to ensure that the entitys control objectives are met. Those control objectives include the following: Authorized execution. Derivative transactions are executed in accordance with the entitys approved policies. Complete and accurate information. Information relating to derivatives, including fair value information, is recorded on a timely basis, is complete and accurate when entered into the accounting system, and has been properly classified, described and disclosed. 7 See footnote 3.
18. 18. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012193 AUDITING Prevention or detection of errors. Misstatements in the processing of accounting information for derivatives are prevented or detected in a timely manner. Ongoing monitoring. Activities involving derivatives are monitored on an ongoing basis to recognize and measure events affecting related financial statement assertions. Valuation. Changes in the value of derivatives are appropriately accounted for and disclosed to the right people from both an operational and a control viewpoint. Valuation may be a part of ongoing monitoring activities. In addition, for derivatives designated as hedges, internal controls should assure that those derivatives meet the criteria for hedge accounting, both at the inception of the hedge, and on an ongoing basis. 41. As it relates to the purchase, sale and holding of derivatives, the level of sophistication of an entitys internal control will vary according to: The complexity of the derivative and the related inherent riskmore complex derivative activities will require more sophisticated systems; The risk exposure of derivative transactions in relation to the capital employed by the entity; and The volume of transactionsentities that do not have a significant volume of derivative transactions will require less sophisticated accounting systems and internal control. 42. As the sophistication of derivative activity increases, so should internal control. In some instances, an entity will expand the types of financial activities it enters into without making corresponding adjustments to its internal control. 43. In larger entities, sophisticated computer information systems generally keep track of derivative activities, and to ensure that settlements occur when due. More complex computer systems may generate automatic postings to clearing accounts to monitor cash movements. Proper controls over processing will help to ensure that derivative activities are correctly reflected in the entitys records. Computer systems may be designed to produce exception reports to alert management to situations where derivatives have not been used within authorized limits or where transactions undertaken were not within the limits established for the chosen counterparties. Even a sophisticated computer system may not ensure the completeness of derivative transactions. 44. Derivatives, by their very nature, can involve the transfer of sizable amounts of money both to and from the entity. Often, these transfers take place at maturity. In many instances, a bank is only provided with appropriate payment instructions or receipt notifications. Some entities may use electronic fund transfer systems. Such systems may involve complex password and verification
19. 19. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 194 controls, standard payment templates and cash pooling/sweeping facilities. ISA 401, Auditing in a Computer Information Systems Environment8 requires the auditor to consider how computer information systems (CIS) environments affect the audit and to obtain an understanding of the significance and complexity of the CIS activities and the availability of data for use in the audit. The auditor gains an understanding of the methods used to transfer funds, along with their strengths and weaknesses, as this will affect the risks the business is faced with and accordingly, the audit risk assessment. 45. Regular reconciliations are an important aspect of controlling derivative activities. Formal reconciliations should be performed on a regular basis to ensure that the financial records are properly controlled, all entries are promptly made and the dealers have adequate and accurate position information before formally committing the entity to a legally binding transaction. Reconciliations should be properly documented and independently reviewed. The following are some of the more significant types of reconciliation procedures associated with derivative activities: Reconciliation of dealers records to records used for the ongoing monitoring process and the position or profit and loss shown in the general ledger. Reconciliation of subsidiary ledgers, including those maintained on computerized data bases, to the general ledger. Reconciliation of all clearing and bank accounts and broker statements to ensure all outstanding items are promptly identified and cleared. Reconciliation of entitys accounting records to records maintained by service organizations, where applicable. 46. An entitys deal initiation records should clearly identify the nature and purpose of individual transactions, and the rights and obligations arising under each derivative contract. In addition to the basic financial information, such as a notional amount, these records should include: The identity of the dealer; The identity of the person recording the transaction, if that person is not the dealer; The date and time of the transaction; The nature and purpose of the transaction, including whether or not it is intended to hedge an underlying commercial exposure; and 8 ISA 401, Auditing in a Computer Information Systems Environment was withdrawn in December 2004 when ISA 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, and ISA330, TheAuditors Procedures in Response to Assessed Risks became effective.
20. 20. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012195 AUDITING Information on compliance with accounting requirements related to hedging, if applicable, such as: Designation as a hedge, including the type of hedge; Identification of the criteria used for assessing effectiveness of the hedge; and Identification of the hedged item in a hedging relationship. 47. Transaction records for derivatives may be maintained in a database, register or subsidiary ledger, which are then checked for accuracy with independent confirmations received from the counterparties to the transactions. Often, the transaction records will be used to provide accounting information, including information for disclosures in the financial statements, together with other information to manage risk, such as exposure reports against policy limits. Therefore, it is essential to have appropriate controls over input, processing and maintenance of the transaction records, whether they are in a database, a register or a subsidiary ledger. 48. The main control over the completeness of the derivative transaction records is the independent matching of counterparty confirmations against the entitys own records. Counterparties should be asked to send the confirmations back directly to employees of the entity that are independent from the dealers, to guard against dealers suppressing confirmations and hiding transactions, and all details should be checked off against the entitys records. Employees independent of the dealer should resolve any exceptions contained in the confirmations, and fully investigate any confirmation that is not received. The Role of Internal Auditing 49. As part of the assessment of internal control, the auditor considers the role of internal auditing. The knowledge and skills required to understand and audit an entitys use of derivatives are generally quite different from those needed in auditing other parts of the business. The external auditor considers the extent to which the internal audit function has the knowledge and skill to cover, and has in fact covered, the entitys derivatives activities. 50. In many entities, internal auditing forms an essential part of the risk control function that enables senior management to review and evaluate the control procedures covering the use of derivatives. The work performed by internal auditing may assist the external auditor in assessing the accounting systems and internal controls and therefore control risk. Areas where the work performed by internal auditing may be particularly relevant are: Developing a general overview of the extent of derivative use; Reviewing the appropriateness of policies and procedures and managements compliance with them;
21. 21. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 196 Reviewing the effectiveness of control procedures; Reviewing the accounting systems used to process derivative transactions; Reviewing systems relevant to derivative activities; Ensuring that objectives for derivative management are fully understood across the entity, particularly where there are operating divisions where the risk exposures are most likely to arise; Assessing whether new risks relating to derivatives, are being identified, assessed and managed; Evaluating whether the accounting for derivatives is in accordance with the financial reporting framework including, if applicable, whether derivatives accounted for using hedge accounting specified by the financial reporting framework meet the conditions of a hedging relationship; and Conducting regular reviews to: Provide management with assurance that derivative activities are being properly controlled; and Ensure that new risks and the use of derivatives to manage these risks are being identified, assessed and managed. 51. Certain aspects of internal auditing may be useful in determining the nature, timing and extent of external audit procedures. When it appears that this might be the case, the external auditor, during the course of planning the audit, obtains a sufficient understanding of internal audit activities and performs a preliminary assessment of the internal audit function When the external auditor intends to use specific internal audit work, the external auditor evaluates and tests that work to confirm its adequacy for the external auditors purposes. ISA 610, Considering the Work of Internal Auditing provides guidance to the external auditor in considering the work of internal auditing. Service Organizations 52. Entities may use service organizations to initiate the purchase or sale of derivatives or maintain records of derivative transactions for the entity. 53. The use of service organizations may strengthen controls over derivatives. For example, a service organizations personnel may have more experience with derivatives than the entitys management. The use of the service organization also may allow for greater segregation of duties. On the other hand, the use of a service organization may increase risk because it may have a different control culture or process transactions at some distance from the entity.
22. 22. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012197 AUDITING 54. ISA 402 provides guidance to the auditor when the entity being audited uses a service organization. ISA 402 requires the auditor to consider, when planning the audit and developing an effective audit approach, how using a service organization affects the entitys accounting and internal control systems. ISA 402 provides further guidance in auditing entities using service organizations. When applying ISA 402 to a service organization engaged in derivative transactions, the auditor considers how a service organization affects the entitys accounting and internal control systems. 55. Because service organizations often act as investment advisors, the auditor may consider risks associated with service organizations when acting as investment advisors, including: How their services are monitored; The procedures in place to protect the integrity and confidentiality of the information; Contingency arrangements; and Any related party issues that may arise because the service organization can enter into its own derivative transactions with the entity while, at the same time, being a related party. Control Risk 56. Control risk is the risk that an entitys accounting and internal control systems will not prevent or detect and correct, on a timely basis, any misstatements in an account balance or class of transactions that could be material, individually or when aggregated with misstatements in other balances or classes. 57. ISA 4009 requires the auditor, after obtaining an understanding of the accounting and internal control systems, to make a preliminary assessment of control risk, at the assertion level, for each material account balance or class of transactions. ISA 400 requires the preliminary assessment of control risk for a financial statement assertion to be high unless the auditor: (a) Is able to identify internal controls relevant to the assertion that are likely to prevent or detect and correct a material misstatement; and (b) Plans to perform tests of control to support the assessment. 58. When developing the audit approach, the auditor considers the preliminary assessment of control risk (in conjunction with the assessment of inherent risk) to determine the nature, timing and extent of substantive procedures for the financial statement assertions. 9 See footnote 3.
23. 23. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 198 59. Examples of considerations that might affect the auditors assessment of control risk include: Whether policies and procedures that govern derivative activities reflect managements objectives; How management informs its personnel of controls; How management captures information about derivatives; and How management assures itself that controls over derivatives are operating as designed. 60. ISA 400 requires the auditor, before the conclusion of the audit, and based on the results of substantive procedures and other audit evidence obtained, to consider whether the assessment of control risk is confirmed. 61. The assessment of control risk depends on the auditors judgment as to the quality of the control environment and the control procedures in place. In reaching a decision on the nature, timing and extent of testing of controls, the auditor considers factors such as: The importance of the derivative activities to the entity; The nature, frequency and volume of derivatives transactions; The potential effect of any identified weaknesses in control procedures; The types of controls being tested; The frequency of performance of these controls; and The evidence of performance. Tests of Controls 62. Where the assessment of control risk is less than high, the auditor performs tests of controls to obtain evidence as to whether or not the preliminary assessment of control risk is supported. Notwithstanding the auditors assessment of control risk, it may be that the entity undertakes only a limited number of derivative transactions, or that the magnitude of these instruments is especially significant to the entity as a whole. In such instances, a substantive approach, sometimes in combination with tests of control, may be more appropriate. 63. The population from which items are selected for detailed testing is not limited to the accounting records. Tested items may be drawn from other sources, for example counterparty confirmations and trader tickets, so that the possibility of overlooking transactions in the recording procedure can be tested. 64. Tests of controls are performed to obtain audit evidence about the effectiveness of the: (a) design of the accounting and internal control systems, that is, whether they are suitably designed to prevent or detect and correct material
24. 24. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012199 AUDITING misstatements and (b) operation of the internal controls throughout the period. Key procedures may include evaluating, for a suitably sized sample of transactions, whether: Derivatives have been used in accordance with the agreed policies, guidelines and within authority limits; Appropriate decision-making processes have been applied and the reasons behind entering into selected transactions are clearly understandable; The transactions undertaken were within the policies for derivative transactions, including terms and limits and transactions with foreign or related parties; The transactions were undertaken with counterparties with appropriate credit risk; Derivatives are subject to appropriate timely measurement, and reporting of risk exposure, independent of the dealer; Counterparty confirmations have been sent; Incoming confirmations from counterparties have been properly matched and reconciled; Early termination and extension of derivatives are subject to the same controls as new derivative transactions; Designations, including any subsequent changes in designations, as hedging or speculative transactions, are properly authorized; Transactions have been properly recorded and are entered completely and accurately in the accounting records, and correctly processed in any subsidiary ledger through to the financial statements; and Adequate security has been maintained over passwords necessary for electronic fund transfers. 65. Examples of tests of controls to consider include: Reading minutes of meetings of those charged with governance of the entity (or, where the entity has established one, the Asset/Liability Risk Management Committee or similar group) for evidence of that bodys periodic review of derivative activities, adherence to established policies, and periodic review of hedging effectiveness; and Comparing derivative transactions, including those that have been settled to the entitys policies to determine whether the entity is following those policies. For example, the auditor might:
25. 25. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 200 Test that transactions have been executed in accordance with authorizations specified in the entitys policy; Test that any pre-acquisition sensitivity analysis dictated by the investment policy is being performed; Test transactions to determine whether the entity obtained required approvals for the transactions and used only authorized brokers or counterparties; Inquire of management about whether derivatives and related transactions are being monitored and reported upon on a timely basis and read any supporting documentation; Test recorded purchases of derivatives, including their classification and prices, and the entries used to record related amounts; Test the reconciliation process. The auditor might test whether reconciling differences are investigated and resolved on a timely basis, and whether the reconciliations are reviewed and approved by supervisory personnel. For example, organizations that have a large number of derivative transactions may require reconciliation and review on a daily basis; Test the controls for unrecorded transactions. The auditor might examine the entitys third-party confirmations and the resolution of any exceptions contained in the confirmations; and Test the controls over the adequate security and back-up of data to ensure adequate recovery in case of disaster. In addition, the auditor may consider the procedures the entity adopts for annual testing and maintenance of the computerized records site. Substantive Procedures 66. ISA 40010 requires the auditor to consider the assessed levels of inherent and control risk in determining the nature, timing and extent of substantive procedures required to reduce audit risk to an acceptably low level. The higher the assessment of inherent and control risk, the more audit evidence the auditor obtains from the performance of substantive procedures. 67. The assessed levels of inherent and control risk cannot be sufficiently low to eliminate the need for the auditor to perform any substantive procedures. The auditor performs some substantive procedures for material account balances and classes of transactions. Nevertheless, the auditor may not be able to obtain sufficient appropriate audit evidence to reduce detection risk, 10 See footnote 3.
26. 26. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012201 AUDITING and therefore reduce audit risk to an acceptably low level by performing substantive tests alone. If the auditor is unable to reduce audit risk to an acceptably low level, ISA 700, The Auditors Report on Financial Statements11 requires the auditor to qualify or disclaim an opinion. Furthermore, ISA 400 requires the auditor to make management aware, as soon as practical and at an appropriate level of responsibility, of material weaknesses in the design or operation of the accounting and internal control systems that have come to the auditors attention. Materiality 68. ISA 320, Audit Materiality states that the auditor considers materiality at both the overall financial statement level and in relation to individual account balances, classes of transactions and disclosures. The auditors judgment may include assessments of what constitutes materiality for significant captions in the balance sheet, income statement, and statement of cash flows both individually, and for the financial statements as a whole. 69. ISA 320 requires the auditor to consider materiality when determining the nature, timing and extent of audit procedures. While planning the audit, materiality may be difficult to assess in relation to derivative transactions, particularly given some of their characteristics. Materiality cannot be based on balance sheet values alone, as derivatives may have little effect on the balance sheet, even though significant risks may arise from them. When assessing materiality, the auditor also may consider the potential effect on the account balance or class of transactions on the financial statements. A highly leveraged, or a more complex, derivative may be more likely to have a significant effect on the financial statements than a less highly leveraged or simpler derivative might. Greater potential for effect on the financial statements also exists when the exposure limits for entering into derivative transactions are high. Types of Substantive Procedures 70. Substantive audit procedures are performed to obtain audit evidence to detect material misstatements in the financial statements, and are of two types: (a) tests of details of transactions and balances; and (b) analytical procedures. 71. In designing substantive tests, the auditor considers: Appropriateness of accounting. A primary audit objective often addressed through substantive procedures is determining the appropriateness of an entitys accounting for derivatives. 11 ISA 700, The Auditors Report on Financial Statements was withdrawn in December 2006 when ISA 700, The Independent Auditors Report on a Complete Set of General Purpose Financial Statements became effective.
27. 27. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 202 Involvement of an outside organization. When planning the substantive procedures for derivatives, the auditor considers whether another organization holds, services or both holds and services the entitys derivatives. Interim audit procedures. When performing substantive procedures before the balance sheet date, the auditor considers market movement in the period between the interim testing date and year-end. The value of some derivatives can fluctuate greatly in a relatively short period. As the amount, relative significance, or composition of an account balance becomes less predictable, the value of testing at an interim date becomes less valuable. Routine vs. non-routine transactions. Many financial transactions are negotiated contracts between an entity and its counterparty. To the extent that derivative transactions are not routine and outside an entitys normal activities, a substantive audit approach may be the most effective means of achieving the planned audit objectives. Procedures performed in other audit areas. Procedures performed in other financial statement areas may provide evidence about the completeness of derivative transactions. These procedures may include tests of subsequent cash receipts and payments, and the search for unrecorded liabilities. Analytical Procedures 72. ISA 520, Analytical Procedures requires the auditor to apply analytical procedures at the planning and overall review stages of the audit. Analytical procedures also may be applied at other stages of the audit. Analytical procedures as a substantive procedure in the audit of derivative activities may give information about an entitys business but, by themselves, are generally unlikely to provide sufficient evidence with respect to assertions related to derivatives. The complex interplay of the factors from which the values of these instruments are derived often masks any unusual trends that might arise. 73. Some personnel responsible for derivative activities compile detailed analytical reviews of the results of all derivatives activity. They are able to capture the effect of derivatives trading volumes and market price movements on the financial results of the entity and compile such an analysis because of their detailed day-to-day involvement in the activities. Similarly, some entities may use analytical techniques in their reporting and monitoring activities. Where such analysis is available, the auditor may use it to further understand the entitys derivative activity. In doing so, the auditor seeks satisfaction that the information is reliable and has been correctly extracted from the underlying accounting records by persons sufficiently objective to be confident that the
28. 28. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012203 AUDITING information fairly reflects the entitys operations. When appropriate, the auditor may use computer software for facilitating analytical procedures. 74. Analytical procedures may be useful in evaluating certain risk management policies over derivatives, for example, credit limits. Analytical procedures also may be useful in evaluating the effectiveness of hedging activities. For example, if an entity uses derivatives in a hedging strategy, and large gains or losses are noted as a result of analytical procedures, the effectiveness of the hedge may become questionable and accounting for the transaction as a hedge may not be appropriate. 75. Where no such analysis is compiled and the auditor wants to do one, the effectiveness of the analytical review often depends upon the degree to which management can provide detailed and disaggregated information about the activities undertaken. Where such information is available, the auditor may be able to undertake a useful analytical review. If the information is not available, analytical procedures will be effective only as a means of identifying financial trends and relationships in simple, low volume environments. This is because, as volume and complexity of operations increase, unless detailed information is available, the factors affecting revenues and costs are such that meaningful analysis by the auditor often proves difficult, and the value of analytical procedures as an audit tool decreases. In such situations, analytical procedures are not likely to identify inappropriate accounting treatments. Evaluating Audit Evidence 76. Evaluating audit evidence for assertions about derivatives requires considerable judgment because the assertions, especially those about valuation, are based on highly subjective assumptions or are particularly sensitive to changes in the underlying assumptions. For example, valuation assertions may be based on assumptions about the occurrence of future events for which expectations are difficult to develop or about conditions expected to exist a long time. Accordingly, competent persons could reach different conclusions about estimates of fair values or estimates of ranges of fair values. Considerable judgment also may be required in evaluating audit evidence for assertions based on features of the derivative and applicable accounting principles, including underlying criteria, that are both extremely complex. ISA 540, Audit of Accounting Estimates provides guidance to the auditor on obtaining and evaluating sufficient competent audit evidence to support significant accounting estimates. ISA 620 provides guidance on the use of the work of an expert in performing substantive tests.
29. 29. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 204 Substantive Procedures Related to Assertions Existence and Occurrence 77. Substantive tests for existence and occurrence assertions about derivatives may include: Confirmation with the holder of or the counterparty to the derivative; Inspecting the underlying agreements and other forms of supporting documentation, including confirmations received by an entity, in paper or electronic form, for amounts reported; Inspecting supporting documentation for subsequent realization or settlement after the end of the reporting period; and Inquiry and observation. Rights and Obligations 78. Substantive tests for rights and obligations assertions about derivatives may include: Confirming significant terms with the holder of, or counterparty to, the derivative; and Inspecting underlying agreements and other forms of supporting documentation, in paper or electronic form. Completeness 79. Substantive tests for completeness assertions about derivatives may include: Asking the holder of or counterparty to the derivative to provide details of all derivatives and transactions with the entity. In sending confirmation requests, the auditor determines which part of the counterpartys organization is responding, and whether the respondent is responding on behalf of all aspects of its operations; Sending zero-balance confirmations to potential holders or counterparties to derivatives to test the completeness of derivatives recorded in the financial records; Reviewing brokers statements for the existence of derivative transactions and positions held; Reviewing counterparty confirmations received but not matched to transaction records; Reviewing unresolved reconciliation items; Inspecting agreements, such as loan or equity agreements or sales contracts, for embedded derivatives (the accounting treatment of such
30. 30. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012205 AUDITING embedded derivatives may differ among financial reporting frameworks); Inspecting documentation for activity subsequent to the end of the reporting period; Inquiry and observation; and Reading other information, such as minutes of those charged with governance, and related papers and reports on derivative activities received by the governance body. Valuation and Measurement 80. Tests of valuation assertions are designed according to the valuation method used for the measurement or disclosure. The financial reporting framework may require that a financial instrument be valued based on cost, the amount due under a contract, or fair value. It also may require disclosures about the value of a derivative and specify that impairment losses be recognized in net profit or loss before their realization. Substantive procedures to obtain evidence about the valuation of derivative financial instruments may include: Inspecting of documentation of the purchase price; Confirming with the holder of or counterparty to the derivative; Reviewing the creditworthiness of counterparties to the derivative transaction; and Obtaining evidence corroborating the fair value of derivatives measured or disclosed at fair value. 81. The auditor obtains evidence corroborating the fair value of derivatives measured or disclosed at fair value. The method for determining fair value may vary depending on the industry in which the entity operates, including any specific financial reporting framework that may be in effect for that industry, or the nature of the entity. Such differences may relate to the consideration of price quotations from inactive markets and significant liquidity discounts, control premiums, and commissions and other costs that would be incurred when disposing of a derivative. The method for determining fair value also may vary depending on the type of asset or liability. ISA 540 provides guidance on the audit of accounting estimates contained in financial statements. 82. Quoted market prices for certain derivatives that are listed on exchanges or over-the-counter markets are available from sources such as financial publications, the exchanges or pricing services based on sources such as these. Quoted market prices for other derivatives may be obtained from broker-dealers who are market makers in those instruments. If quoted market prices are not available for a derivative, estimates of fair value may be obtained from third-
31. 31. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 206 party sources based on proprietary models or from an entitys internally developed or acquired models. If information about the fair value is provided by a counterparty to the derivative, the auditor considers whether such information is objective. In some instances, it may be necessary to obtain fair value estimates from additional independent sources. 83. Quoted market prices obtained from publications or from exchanges are generally considered to provide sufficient evidence of the value of derivative financial instruments. Nevertheless, using a price quote to test valuation assertions may require a special understanding of the circumstances in which the quote was developed. For example, quotations provided by the counterparty to an option to enter into a derivative financial instrument may not be based on recent trades and may be only an indication of interest. In some situations, the auditor may determine that it is necessary to obtain fair value estimates from broker-dealers or other third-party sources. The auditor also may determine that it is necessary to obtain estimates from more than one pricing source. This may be appropriate if the pricing source has a relationship with an entity that might impair its objectivity. 84. It is managements responsibility to estimate the value of the derivative instrument. If an entity values the derivative using a valuation model, the auditor does not function as an appraiser and the auditors judgment is not substituted for that of the entitys management. The auditor may test asser- tions about the fair value determined using a model by procedures such as: Assessing the reasonableness and appropriateness of the model. The auditor determines whether the market variables and assumptions used are reasonable and appropriately supported. Furthermore, the auditor assesses whether market variables and assumptions are used consistently, and whether new conditions justify a change in the market variables or assumptions used. The evaluation of the appropriateness of valuation models and each of the variables and assumptions used in the models may require considerable judgment and knowledge of valuation techniques, market factors that affect value, and market conditions, particularly in relation to similar financial instruments. Accordingly, the auditor may consider it necessary to involve a specialist in assessing the model. Calculating the value, for example, using a model developed by the auditor or by a specialist engaged by the auditor. The re-performance of valuations using the auditors own models and data enables the auditor to develop an independent expectation to use in corroborating the reasonableness of the value calculated by the entity. Comparing the fair value with recent transactions. Considering the sensitivity of the valuation to changes in the variables and assumptions, including market conditions that may affect the value.
32. 32. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012207 AUDITING Inspecting supporting documentation for subsequent realization or settlement of the derivative transaction after the end of the reporting period to obtain further evidence about its valuation at the balance sheet date. 85. Some financial reporting frameworks, for example IAS 39, presume that fair value can be reliably determined for most financial assets, including derivatives. That presumption can be overcome for an investment in an equity instrument (including an investment that is in substance an equity instrument) that does not have a quoted market price in an active market and for which other methods of reasonably estimating fair value are clearly inappropriate or unworkable. The presumption can also be overcome for a derivative that is linked to and that must be settled by delivery of such an unquoted equity instrument. Derivatives, for which the presumption that the fair value of the derivative can be reliably determined has been overcome, and that have a fixed maturity, are measured at amortized cost using the effective interest rate method. Those that do not have a fixed maturity are measured at cost. 86. The auditor gathers audit evidence to determine whether the presumption that the fair value of the derivative can be reliably determined has been overcome, and whether the derivative is properly accounted for under the financial reporting framework. If management cannot support that it has overcome the presumption that the fair value of the derivative can be reliably determined, ISA 70012 requires that the auditor express a qualified opinion or an adverse opinion. If the auditor is unable to obtain sufficient audit evidence to determine whether the presumption has been overcome, there is a limitation on the scope of the auditors work. In this case, ISA 700 requires that the auditor express a qualified opinion or a disclaimer of opinion. Presentation and Disclosure 87. Management is responsible for preparing and presenting the financial statements in accordance with the financial reporting framework, including fairly and completely presenting and disclosing the results of derivative transactions and relevant accounting policies. 88. The auditor assesses whether the presentation and disclosure of derivatives is in conformity with the financial reporting framework. The auditors conclusion as to whether derivatives are presented in conformity with the financial reporting framework is based on the auditors judgment as to whether: The accounting principles selected and applied are in conformity with the financial reporting framework; The accounting principles are appropriate in the circumstances; 12 See footnote 11.
33. 33. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 208 The financial statements, including the related notes, provide information on matters that may affect their use, understanding, and interpretation; Disclosure is adequate to ensure that the entity is in full compliance with the current disclosure requirements of the financial reporting framework under which the financial statements are being reported, for example, IAS 39; The information presented in the financial statements is classified and summarized in a reasonable manner, that is, neither too detailed nor too condensed; and The financial statements reflect the underlying transactions and events in a manner that presents the financial position, results of operations, and cash flows stated within a range of acceptable limits, that is, limits that are reasonable and practicable to attain in financial statements. 89. The financial reporting framework may prescribe presentation and disclosure requirements for derivative instruments. For example, some financial reporting frameworks may require users of derivative financial instruments to provide extensive disclosure of the market risk management policies, market risk measurement methodologies and market price information. Other frameworks may not require disclosure of this information as part of the financial statements, but encourage entities to disclose such information outside of the financial statements. ISA 720, Other Information in Documents Containing Audited Financial Statements provides guidance on the consideration of other information, on which the auditor has no obligation to report, in documents containing audited financial statements. Additional Considerations About Hedging Activities 90. To account for a derivative transaction as a hedge, some financial reporting frameworks, for example, IAS 39, require that management, at the inception of the transaction, designate the derivative instrument as a hedge and contemporaneously formally document: (a) the hedging relationship, (b) the entitys risk management objective and strategy for undertaking the hedge, and (c) how the entity will assess the hedging instruments effectiveness in offsetting the exposure to changes in the hedged items fair value or the hedged transactions cash flow that is attributable to the hedged risk. IAS 39 also requires that management have an expectation that the hedge will be highly effective in achieving offsetting changes in fair value or cash flows attributable to the hedged risk, consistent with the originally documented risk management strategy for that particular hedging relationship. 91. The auditor gathers audit evidence to determine whether management complied with the applicable hedge accounting requirements of the financial reporting
34. 34. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012209 AUDITING framework, including designation and documentation requirements. In addition, the auditor gathers audit evidence to support managements expectation, both at the inception of the hedge transaction, and on an ongoing basis, that the hedging relationship will be highly effective. If management has not prepared the documentation required by the financial reporting framework, the financial statements may not be in conformity with the applicable financial reporting framework, and ISA 70013 would require the auditor to express a qualified opinion or an adverse opinion. Regardless of the financial reporting framework, the auditor is required to obtain sufficient appropriate audit evidence. Therefore, the auditor may obtain documentation prepared by the entity that may be similar to that described in paragraph 90, and may consider obtaining management representations regarding the entitys use and effectiveness of hedge accounting. The nature and extent of the documentation prepared by the entity will vary depending on the nature of the hedged items and the hedging instruments. If sufficient audit evidence to support managements use of hedge accounting is not available, the auditor may have a scope limitation, and may be required by ISA 700 to issue a qualified or disclaimer of opinion. Management Representations 92. ISA 580, Management Representations requires the auditor to obtain appropriate representations from management, including written representations on matters material to the financial statements when other sufficient appropriate audit evidence cannot reasonably be expected to exist. Although management representation letters ordinarily are signed by personnel with primary responsibility for the entity and its financial aspects (ordinarily the senior executive officer and the senior financial officer), the auditor may wish to obtain representations about derivative activities from those responsible for derivative activities within the entity. Depending on the volume and complexity of derivative activities, management representations about derivative financial instruments may include representations about: Managements objectives with respect to derivative financial instruments, for example, whether derivatives are used for hedging or speculative purposes; The financial statement assertions concerning derivative financial instruments, for example: The records reflect all derivative transactions; All embedded derivative instruments have been identified; The assumptions and methodologies used in the derivative valuation models are reasonable; 13 See footnote 11.
35. 35. AUDITING DERIVATIVE FINANCIAL INSTRUMENTS IAPS 1012 210 Whether all transactions have been conducted at arms length and at fair market value; The terms of derivative transactions; Whether there are any side agreements associated with any derivative instruments; Whether the entity has entered into any written options; and Whether the entity complies with the documentation requirements of the financial reporting framework for derivatives that are conditions precedent to specified hedge accounting treatments. 93. Sometimes, with respect to certain aspects of derivatives, management representations may be the only audit evidence that reasonably can be expected to be available; however, ISA 580 states that representations from management cannot be a substitute for other audit evidence that the auditors also expects to be available. If the audit evidence the auditor expects to be available cannot be obtained, this may constitute a limitation on the scope of the audit and the auditor considers the implications for the auditors report. In this case, ISA 70014 requires that the auditor express a qualified opinion or a disclaimer of opinion. Communications with Management and Those Charged with Governance 94. As a result of obtaining an understanding of an entitys accounting and internal control systems and, if applicable, tests of controls, the auditor may become aware of matters to be communicated to management or those charged with governance. ISA 40015 requires that the auditor make management aware, as soon as practical and at an appropriate level of responsibility, of mate